How do I set cookies within Heroku Review App?
I am managing two separate apps through two different Heroku pipelines.
App 1 - Handles my auth, this is a login landing page. App 2 - The main app, can access after authenticating via App 1.
I have separate review apps running for each app. The reasoning was so I can have both Review
Apps under the .herokuapp.com domain.
App 1 takes Username, Password, and sets a JWT. In App 1, a query param is set and it contains a callbackUrl to App2. The JWT is set as a cookie in App 1 and sent to App 2 via a cookie (a token).
This is a problem with the new Same-Site Rules in Chrome. However, I have read various articles and workarounds for this, and my Cookies are still blocked. Here is the error:
the Set-Cookie was blocked because its domain attribute was invalid with regards to the current host url.
I believe they are blocked because the domain .herokuapp.com is on the Public Suffix List, so no matter what I do, they will always be blocked.
Is there a workaround for this? Can I use my own domain with a review app? Ideally:
app1.helloworld.com
app2.helloworld.com
.helloworld.com would be the domain.
Indeed they are blocked due to the domain being on suffix.
But you can block chrome from registering that you are on the suffix list through creating a library with automated deployments similar to hstspreload and then also providing a mechanism that any HTTP library can update the packaged list via their own fetching mechanism.
sadly you cannot reliably exclude .herokuapp.com from the suffix list or any other website for that matter.
for those wanting to see more about attempting to remove from suffix, here are the pros and cons and other theorized attempts: https://forum.blocsapp.com/t/remove-html-suffix/1643
- Examples of Ruby on rails + aws congnito
- How should I set my DATABASE_URL?
- Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
- Permission denied (publickey) when deploying heroku code. fatal: The remote end hung up unexpectedly
- why my cli give an error when I pushing my app?
- Failed openWeatherMap API call
- Heroku Rails deploy fails with error "could not connect to server: Connection refused"
- Running Django custom manage.py task on Heroku - Importing Issues
- zsh: parse error near `\n' when Adding AWS keys as environment variables
- Connect an Authenticator App with Heroku results in "That code is invalid or expired. Try another."
- Nginx reverse proxy to Heroku fails SSL handshake
- Permission Denied While Running .sh Script in Docker Container with Heroku Dyno Deployed with Github Actions
- IP Address Mismatch on signing into Heroku CLI
- How do I access a private github repo from heroku?
- Migrate PostgreSQL database from Heroku to Railway
- Resource 'corpora/wordnet' not found on Heroku
- Heroku: How to release an existing image in gitlab CI/CD?
- Django Celery Redis
- getting YN0028 The lockfile would have been modified by this install, which is explicitly forbidden. using yarn berry and heroku
- Heroku Nodejs app with R10, H10 and H20 errors
- The argument 'path' must be a string, Uint8Array, or URL without null bytes. Received '\x00@astro-page:astro/assets/endpoint/node' on Heroku deploy
- How to hide databases that I am not allowed to access
- Where do I get a CPU-only version of PyTorch?
- Django email sending on Heroku
- 'matplotlib' has no attribute 'cm' when deploying an app
- Inconsistent ClassCastException for XmlBeans.Factory parse method
- Settings.py cannot find psycopg2... squlite3 and postgresql problem... no such table: auth_user
- Permission problem with heroku stack build locally with docker compose on ubuntu 24.04
- How do I get my heroku app's node version?
- Getting ERR_MODULE_NOT_FOUND in my Heroku App but working fine in localhost